Privacy Policy
COPPA-Compliant Children's Privacy Policy
Last Updated: September 2026
Plain Language Summary
Before the legal language: here's what this policy means in simple terms.
- We collect information about your child to make Grove work. Conversations, interests, skills, developmental data — all the things that make Grove personal.
- You own all of it. Export or delete anytime. One click.
- Your child's data is encrypted.Even our team can't read individual conversations without your family's key.
- We never sell your child's data. To anyone. Ever.
- We need your verified consent before your child uses Grove. Your payment serves as that consent under COPPA.
- When your child turns 18, they own their data. You no longer control it.
1. Introduction
Grove (“we,” “us,” “our”) operates the Grove cognitive development platform for children (“Grove,” “the Service”). This Privacy Policy explains how we collect, use, store, and protect information from and about children under 13, children ages 13–17, and their parents/guardians (“you”).
We comply with the Children's Online Privacy Protection Act (COPPA), the California Consumer Privacy Act (CCPA), and applicable state privacy laws. Where our practices exceed legal requirements, we note it.
2. Information We Collect
2.1 Information from Parents
| Information | Purpose | Required? |
|---|---|---|
| Name, email, phone | Account creation, communication | Yes |
| Payment information | Billing (processed by Stripe — we never store card numbers) | Yes |
| Child's name, date of birth, grade | Profile creation, age-appropriate experience | Yes |
| Onboarding questionnaire responses | Configure Grove's developmental approach | Yes |
| Deep interview responses | Enhanced personalization and Blueprint generation | Optional |
| Notification preferences | Deliver communications per your preference | Yes |
2.2 Information from Children
| Information | Purpose | How Collected |
|---|---|---|
| Voice recordings | Transcribed to text for conversation (audio is processed, not permanently stored in audio form) | During voice sessions |
| Conversation transcripts | Build knowledge graph, track development, generate reports | Every session |
| Interaction patterns | Engagement quality, session duration, question frequency | Automatically during sessions |
| Responses to embedded challenges | Skill assessment, knowledge graph updates | During natural conversation |
| Self-reported emotions and interests | Developmental tracking, emotional support | When child shares voluntarily |
2.3 Information We Generate
| Information | Purpose |
|---|---|
| Knowledge graph | Tracks cognitive development over time |
| Developmental Dimensions scores | Measures growth across clinician-defined dimensions |
| Behavioral patterns | Identifies trends in engagement, emotion, and cognition |
| Session summaries | Parent reports and dashboard |
| Blueprints | Developmental portraits delivered to parents |
| Safety event records | Child protection and mandatory reporting |
2.4 Information We Do NOT Collect
- Location data
- Contact lists
- Photos or videos
- Browsing history
- Data from other apps on the child's device
- Social media data
- School records (unless parent provides during onboarding)
- Biometric data
3. Parental Consent (COPPA)
We require verifiable parental consent before collecting any information from children under 13.
Method of consent:Credit/debit card transaction at enrollment ($997). Under COPPA, a monetary transaction using a credit card is an approved method of verifiable parental consent. By completing enrollment, you consent to the collection of your child's information as described in this policy.
Revoking consent: You may revoke consent at any time by:
- Deleting your child's data (Settings → Data → Delete All)
- Canceling your subscription
- Contacting us at privacy@exploregrove.com
When consent is revoked, we delete all child data within 30 days, except safety event records required by law.
4. How We Use Information
| Use | Legal Basis |
|---|---|
| Provide the Grove service (conversations, missions, knowledge graph) | Parental consent + contract |
| Generate developmental reports and Blueprints | Parental consent + contract |
| Detect and respond to safety concerns | Legitimate interest (child protection) |
| Improve the Grove AI using anonymized, aggregated data | Legitimate interest (with consent for individual data) |
| Communicate with parents (reports, alerts, billing) | Contract |
| Conduct research on developmental outcomes (with consent) | Explicit consent (opt-in) |
We NEVER use your child's data to:
- Serve advertisements
- Sell to third parties
- Create marketing profiles
- Target your child with commercial content
- Share with data brokers
5. Data Storage and Security
5.1 Encryption
- In transit: TLS 1.3 for all data transmission
- At rest: AES-256 encryption for all stored data
- Conversation data:Encrypted with family-specific keys (zero-knowledge architecture). Grove engineers cannot read individual conversations without the family's key.
5.2 Infrastructure
- Data stored in SOC 2 Type II certified infrastructure
- Annual third-party security audit
- Penetration testing conducted quarterly
- Access logging with anomaly detection
- Employee access restricted on a need-to-know basis with audit trails
5.3 Voice Data
Voice recordings are:
- Transcribed to text in real-time via OpenAI Whisper
- Text transcript is stored (encrypted)
- Original audio recordings are NOT permanently stored
- Audio is processed in memory and discarded after transcription
6. Data Sharing
6.1 We share data with:
| Recipient | What We Share | Why |
|---|---|---|
| Anthropic (Claude AI) | Conversation text (in real-time, not stored by Anthropic per our DPA) | Power Grove's conversation engine |
| OpenAI (Whisper) | Voice audio (processed, not stored per our DPA) | Speech-to-text transcription |
| ElevenLabs | Generated text responses (not stored per our DPA) | Text-to-speech voice output |
| Stripe | Payment information (we never see or store card numbers) | Billing |
| Licensed psychologists (Grove clinical team) | Safety events + sampled sessions for quality audit | Child protection + clinical quality |
6.2 We NEVER share data with:
- Advertisers or ad networks
- Data brokers
- Social media platforms
- Marketing companies
- Any third party for commercial purposes
6.3 Legal Requirements
We may disclose information if required by:
- Court order or subpoena
- Mandatory reporting obligations (child abuse/neglect)
- Imminent threat to the safety of a child
7. Data Ownership and Control
7.1 Your Rights
| Right | How to Exercise |
|---|---|
| Accessyour child's data | Dashboard → Settings → Data → View All |
| Export all data | Dashboard → Settings → Data → Export (JSON + PDF) |
| Delete all data | Dashboard → Settings → Data → Delete All |
| Correct inaccurate data | Dashboard → Settings → Edit Profile |
| Restrict processing | Contact privacy@exploregrove.com |
| Object to processing | Contact privacy@exploregrove.com |
7.2 Data Portability
You can export your child's complete data at any time, including:
- Full conversation history
- Knowledge graph (structured format)
- Developmental Dimensions history
- All Blueprints and reports
- Session summaries and milestones
Export is delivered in standard JSON format + PDF reports.
7.3 Data Deletion
When you request deletion:
- All conversation data is permanently deleted within 30 days
- Knowledge graph is permanently deleted
- Developmental data is permanently deleted
- Account information is deleted
- Exception: Safety event records (Tier 2 and 3) are retained as required by law for mandatory reporting compliance
7.4 Ownership Transfer at 18
When your child turns 18:
- Full data ownership transfers to your child
- Your access to their data requires their consent
- They can delete, export, or modify all data
- They control who can access their Grove Profile
- This transfer is automatic on their 18th birthday
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Active account data | Duration of subscription + 90 days |
| Conversation transcripts | Family-controlled (deletable anytime) |
| Knowledge graph | Family-controlled (deletable anytime) |
| Safety events (Tier 2–3) | 7 years (legal requirement) |
| Billing records | 7 years (tax/legal requirement) |
| Anonymized aggregate data | Indefinite (no individual identification possible) |
| Deleted account data | Permanently deleted within 30 days of request |
9. Children's Rights (Ages 13–17)
Children ages 13–17 have additional rights under Grove's sovereignty transition model:
- Ages 13–14: Right to private conversations (parents see summaries, not transcripts)
- Ages 15–17: Right to control what parents can see
- Age 17: Right to view full account history (including parent configuration)
- Age 18: Full ownership and all adult privacy rights
10. Research Use
With explicit parental opt-in consent:
- Anonymized, aggregated developmental data may be used for published research
- No individual child is identifiable in any research output
- Research is conducted by or with independent academic institutions
- You can opt out of research participation at any time
- Opting out does not affect your Grove service
11. Changes to This Policy
We will notify you of material changes to this policy via:
- Email notification
- Dashboard notification
- 30-day notice period before changes take effect
Continued use after the notice period constitutes acceptance. If you disagree, you may delete your data and cancel.
12. Contact
Privacy questions: privacy@exploregrove.com
Data requests: data@exploregrove.com
Safety concerns: safety@exploregrove.com
General: hello@exploregrove.com